IN THE CLAIMS: 



Amended claims follow: 

1 . (Currently Amended) A computerized method comprising: 

monitoring a peer-to-peer network for suspicious activity based on patterns of 
activity; and 

performing an action associated with a pnfticulors us picious pattern of activity 
when the oart i cula r suspicious pattern of activity is detected in the peer-io-peer network; 

wherein the peer-to-peer network permits peers to connect and operate 
substantially without a server by utilizing the server, at most, for providing addresses for 
the peers in the peer-to-peer network; 

wherein Ifal lthe suspicious pattern of activity is defined in temis of a configuration 
of shared data on a peer, the configuration establishing a baseline of authorized shares and 
permissions in association with the shared data; 

wherein monitoring a peer-to-peer network comprises evaluating a change with 
respect to the shared data on a peer in the peer-io-peer network, the change being made 
with respect to the baseline. 

2. (Original) The computerized method of claim I, wherein monitoring a peer-to-peer 
network comprises: 

evaluating network traffic among peers in the peer-io-peer network. 

3. (Cancelled) 

4. (Original) The computerized method of claim I , wherein a pattern of activity is 
defined in terms of a threshold value of network traHic in the peer-to-peer network. 
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5. (Original) The computerixed method of claim 1 , wherein a pattern of activity is 
defined in terms of network traffic in the peer-to-peer network that uses a specific 
protocol. 

6. (Cancelled) 

7. (Original) The computerized method of claim 1 , wherein a pattem of activity is 
defined in terms of network traffic in the peer-to-peer network having a foreign address. 

8. (Cancelled) 

9. (Currently Amended) The computerized method of claim 1, wherein the action 
comprises logging information about the porticula r suspicious pattem of activity . 

10. (Currently Amended) The computerized method of claim 1, wherein the action 
comprises sending an alert about the particulars us picious pattem of activitv . 

1 1 . (Original) The computerized method of claim 1 , wherein the patterns of activity 
are local to a peer in the peer-to-peer network. 

12. (Original) The computerized method of claim 1, wherein the patterns of activity 
are global to the peer-to-peer network, 

1 3. (Original) The computerized method of claim I further comprising: 
obtaining a set of rules specifying the patterns of activity and associated actions. 

14. (Original) The computerized method of claim 1 3 further comprising: 
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refreshing the set of rules when the set of rules changes. 

1 5. (Currently Amended) A computer-readable medium having executable instructions 
to cause a processor to perform a method comprising: 

monitoring a peer-to-peer network for suspicious activity based on patterns of 
activity; and 

performing an action associated with a particula rs uspicious pattern of activity 
when the particulars us picious patter n of activity is detected in the peer-to-peer network; 

wherein the peer-to-peer network permits peers to connect and operate 
substantially without a server by utilizing the server, at most, for providing addresses for 
the peers in the peer-to-peer network; 

wherein n a Vlthe suspicious pattern of activity is defmed in terms of a configuration 
of shared data on a peer, the configuration establishing a baseline of authorized shares and 
penuissions in association with the shared data; 

wherein monitoring a peer-to-peer network comprises evaluating a change with 
respect to the shared data on a peer in the peer-to-peer network, the change being made 
with respect to the baseline. 

1 6. (Original) The computer-readable medium of claim 1 5, wherein the method further 
comprises: 

evaluating network traffic among peers in the peer-to-peer network when 
monitoring the peer-to-peer network. 

17. (Cancelled) 
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1 8. (Original) The computer-readable medium of claim 1 5, wherein a pattern of 
activity is defined in terms of a threshold value of network traJTic in the peer-to-peer 
network. 

1 9. (Original) The computer-readable medium of claim ] 5, wherein a pattern of • 
activity is defined in terms of network traffic in the peer-to-peer network that uses a 
specific protocol. 

20. (Cancelled) 

21. (Original) The computer-readable medium of claim 1 5, wherein a pattern of 
activity is defined in terms of network traffic in the peer-to-peer network having a foreign 
address. 

22. (Cancelled) 

23. (Currently Amended) The computer-readable medium of claim 15, wherein the 
action comprises logging information about the partioula rs uspicious patter n of activity . 

24. (Currently Amended) The computer-readable medium of claim 1 5, wherein the 
action comprises sending an alert about the particula rs uspicious pattern of activitv . 

25. (Original) The computer-readable medium of claim 1 5, wherein the patterns of 
activity are local to a peer in the peer-to-peer network. 

26. (Original) The computer-readable medium of claim 1 5, wherein the patterns of 
activity are global to the peer-lo-peer network. 
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27. (Original) The computer-readable medium of claim 1 5, wherein the method ftirther 
comprises: 

obtaining a set of rules specifying the patterns of activity and associated actions. 

28. (Original) The computer-readable medium of claim 27, wherein the method further 
comprises: 

refreshing the set of rules when the set of rules changes. 

29. (Currently Amended) A system comprising: 

a processor coupled to a memory through a bus; 

a network interface coupled to the processor through the bus and further operable 
to selectively couple to a peer-to-peer network; and 

a peer-to-peer security process executed by the processor from the memory to 
cause the processor to monitor the peer-to-peer network for suspicious activity based on 
patterns of activity, and to perform an action associated with a particula r suspicious pattern 
of activity when the particula r suspicious patte rn of activity is detected in the peer-to-peer 
network; 

wherein the peer-to-peer network permits peers to connect and operate 
substantially without a server by utilizing the server, at most, for providing addresses for 
the peers in the peer-to-peer network; 

wherein ffal lthe suspicious pattern of activity is defined in terms of a configuration 
of shared data on a peer, the configuration establishing a baseline of authorized shares and 
permissions in association with the shared data; 

wherein monitoring a peer-to-peer network comprises evaluating a change with 
respect to the shared data on a peer in the peer-to-peer network, the change being made 
with respect to the baseline. 
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30. (Original) The system of claim 29. wherein peer-to-peer security process further 
causes the processor to evaluate network traffic between the peers in the peer-to-peer 
network when monitoring the peer-to-peer network. 

31. (Cancelled) 

32. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to monitor the peer-to-peer network for a pattern of activity 
defined in terms of a threshold value of network traffic in the peer-to-peer network. 

33. (Original) The system of claim 29. wherein the peer-io-peer security process 
further causes the processor to monitor the peer-to-peer network for a pattern of activity 
defined in terms of network traffic in the peer-to-peer network that uses a specific 
protocol. 

34. (Cancelled) 

35. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to monitor the peer-to-peer network for a pattern of activity 
defined in tenns of netwoiic traffic having a foreign address. 

36. (Cancelled) 

37. (Currently Amended) The system of claim 29, wherein the peer-to-peer security 
process fiirther causes the processor to log information about the partioulo r suspicious 
pattern of activity when performing the action associated with the partioula rG uspicious 
pattern of activity . 
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38. (Currently Amended) The system of claim 29, wherein the peer-to-peer security 
process further causes the processor to send an alert about the particulo r suspicious pattern 
of activity when performing the action associated with the porticula rs uspicious pattemjQf 
agtiyity- 

39. (Original) The system of claim 29, wherein the system is a peer in the peer-to-peer 
network and the patterns of activity are local to the system. 

40. (Original) The system of claim 29, wherein the system is a server in the peer-lo- 
peer network and the patterns of activity are global to the peer-to-peer network. 

41. (Original) The system of claim 40, wherein the system is a border firewall. 

42. (Original) Tlie system of claim 40, wherein the system is a domain name server. 

43. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to obtain a set of rules specifying the patterns of activity and 
associated actions. 

44. (Original) The system of claim 43, wherein the peer-to-peer security process 
further causes the processor to refresh the set of rules when the set of rules changes. 

45. (Previously Presented) The computerized method of claim 1 , wherein a share 
configuration loop is executed to detect changes to shares and corresponding permissions, 
and an action is initiated as a function of a type of the changes. 



46. (Previously Presented) The computerized method of claim 45, wherein the share 
configuralion loop is executed dynamically. 

47. (Previously Presented) The computerized method of claim 45, wherein the share 
configuration loop is executed on a schedule. 

48. (Previously Presented) The computerized method of claim 45, wherein the share 
configuration loop examines a current share configuration against a previously recorded 
shared configuration to detect the changes to the shares and the corresponding 
permissions. 

49. (Previously Presented) The computerized method of claim 45, wherein, if the 
change includes an attempt to im-share a file or directory, the action includes a log entry. 
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